[IPsec] Resolving Roadmap Issue #114

2009-12-04 Thread Tero Kivinen
Frankel, Sheila E. writes: > Issue #114: Expired drafts, especially BEET ... > Several Internet Drafts were written to address these problems: > Extended Authentication within IKE (XAUTH) (draft-beaulieu-ike-xauth and > its predecessor draft-ietf-ipsra-isakmp-xauth) and The ISAKMP Configuration > Me

[IPsec] Suggested solution to Roadmap Issue #113: Use of AES-XCBC in IKE

2009-12-04 Thread Tero Kivinen
Frankel, Sheila E. writes: > This is an initial attempt to resolve Issue #113. We would > appreciate comments/suggestions/alternate approaches. > > #113: Use of AES-XCBC in IKE > > Currently, the Req levels are SHOULD for IKEv1 (based on RFC4109) > and optional for IKEv2. The Req levels for AE

Re: [IPsec] Proposed work item: WESP extensibility

2009-12-04 Thread Daniel Migault
I am interested in WESP Extension and would like to co-author it. Our interest in WESP extensions is to ease IPsec deployment within Intranet security AND Middle Boxes. We expect WESP would be able to provide Network administrators information related to IPsec and Middleboxes interactions. Regard

Re: [IPsec] Resolving Roadmap Issue #114

2009-12-04 Thread Paul Hoffman
At 11:29 AM +0200 12/4/09, Tero Kivinen wrote: >Perhaps we should add some kind of advertisement here by changing the >last sentence to: > >"All of those problems and security issues have been solved in the >IKEv2, thus use of these non-standardized IKEv1 solutions is not >recommended." > >I.e. pro

Re: [IPsec] Proposed work item: Labelled IPsec

2009-12-04 Thread Joy Latten
On Sun, 2009-11-29 at 19:59 -0500, Stephen Kent wrote: > I think that there has been insufficient discussion of whether those > who wish to make use of IPsec to enforce mandatory access controls > require the facilities described by the folks who have proposed this. > At the WG meeting 2 weeks a

Re: [IPsec] Proposed work item: Labelled IPsec

2009-12-04 Thread Dan McDonald
On Fri, Dec 04, 2009 at 12:09:50PM -0600, Joy Latten wrote: > I believe they are becoming more mainstream. For example, SELinux and > Simplified Mandatory Access Control (SMACK) in Linux Operating System > and Mandatory Integrity Control in Windows Vista. You forgot OpenSolaris Trusted Extensio

Re: [IPsec] Suggested solution to Roadmap Issue #113: Use of AES-XCBC in IKE

2009-12-04 Thread Paul Hoffman
At 12:35 PM +0200 12/4/09, Tero Kivinen wrote: >I would say as we are talking here about the obsoleted IKEv1 protocol, >and these problems have already been solved in the IKEv2, there is no >need to do anything for IKEv1 registries. Agree. >There is no need to get AES-XCBC PRF to work when prot

Re: [IPsec] Proposed work item: Labelled IPsec

2009-12-04 Thread Nicolas Williams
On Fri, Dec 04, 2009 at 01:39:46PM -0500, Dan McDonald wrote: > The bigger point being missed by this thread, I think, is that it > seems that any work in multi-level security needs to deal with > successful interoperability. If it doesn't, there's little point in > documenting a single-platform s

[IPsec] I-D ACTION:draft-ietf-ipsecme-aes-ctr-ikev2-04.txt

2009-12-04 Thread Internet-Drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF. Title : Using Advanced Encryption Standard (AES) Counter Mode with IKEv2 Author(s) :

Re: [IPsec] Proposed work item: EAP-only authentication in IKEv2

2009-12-04 Thread Dan Harkins
Hi Michael, On Thu, December 3, 2009 7:18 pm, Michael Richardson wrote: > Dan Harkins wrote: >> 2. solves the specific problem it is aimed at poorly-- doubling of >> the number of messages, requiring writing and testing of new >> state EAP state machines that are, otherwise

Re: [IPsec] Proposed work item: Labelled IPsec

2009-12-04 Thread Yaron Sheffer
Please remember that it is up to the WG to define the work item. The I-D is just a possible starting point, so if there's strong interest in this area, you may wish to reach consensus on a charter item - and to convince the rest of us that enough people are interested. Thanks, Yaron >

Re: [IPsec] Proposed work item: Labelled IPsec

2009-12-04 Thread Nicolas Williams
On Fri, Dec 04, 2009 at 10:46:02PM +0200, Yaron Sheffer wrote: > Please remember that it is up to the WG to define the work item. The > I-D is just a possible starting point, so if there's strong interest > in this area, you may wish to reach consensus on a charter item - and > to convince the rest